CVE-2025-40552 | THREATINT

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

PUBLISHED Reserved 2025-04-16 | Published 2026-01-28 | Updated 2026-02-02 | Assigner SolarWinds

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1390 Weak Authentication

Product status

Default status

affected

12.8.8 HF1 and below

affected

Credits

Piotr Bazydlo working with watchTowr reporter

References

www.solarwinds.com/...ter/security-advisories/CVE-2025-40552 vendor-advisory patch

documentation.solarwinds.com/...whd_2026-1_release_notes.htm

cve.org (CVE-2025-40552)

nvd.nist.gov (CVE-2025-40552)

Download JSON